#VU12311 Use of cryptographically weak PRNG


Published: 2018-05-01

Vulnerability identifier: #VU12311

Vulnerability risk: Low

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2018-1426

CWE-ID: CWE-338

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
IBM DB2
Server applications / Database software

Vendor: IBM Corporation

Description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information and write arbitrary files on the target system.

The weakness exists due to IBM GSKit duplicates the PRNG state across fork() system calls when multiple ICC instances are loaded which can result in duplicate Session IDs and a risk of duplicate key material. A remote attacker can gain access to potentially sensitive information and write arbitrary files.

Mitigation
Install update from vendor's website.

Vulnerable software versions

IBM DB2: 9.7, 10.1, 10.5, 11.1

CPE

External links
https://exchange.xforce.ibmcloud.com/vulnerabilities/139071


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability